News

Andreas Gutmann has been featured on the AllThingsAuth podcast

19 August, 2019

While at SOUPS 2019, Andreas Gutmann was featured on the AllThingsAuth podcast, explaining some of his work on security risks with Security Code AutoFill in iOS & macOS. His segment can be found at share.transistor.fm/s/9bfff00a, at timestamp 32:47.

 

Apostolos Pyrgelis' NDSS 2018 paper receives distinguished paper award

09 March, 2018

The paper "Knock Knock, Who’s There? Membership Inference on Aggregate Location Data", by Apostolos Pyrgelis, Carmela Troncoso, and Emiliano De Cristofaro has received the distinguished paper award from NDSS 2018. More information is available here.

 

Luca Melis, Prof Danezis and Dr De Cristofaro awarded the Data Protection by Design Award

21 June, 2017

Luca Melis, Prof George Danezis and Dr Emiliano De Cristofaro have been awarded the "Data Protection by Design Award".

The award, now in its 5th edition, is given by The Catalan Data Protection Authority to recognise technological solutions that make a relevant contribution to the protection of privacy in the design of applications.

The award was given for the paper "Efficient Private Statistics with Succinct Sketches", presented last year at NDSS. You can also read more about this work here.

 

Dr Murdoch interviewed about the security of Internet of Things

21 June, 2017

Dr Steven Murdoch has been interviewed for The Naked Scientists about the security of Internet of Things.

The radio broadcast is available here (available until 3 July 2017), while the transcript of the interview can be read here.

 

Vasilios Mavroudis featured in a New Scientist article about malicious colluding apps

02 June, 2017

Vasilios Mavroudis was recently featured in a New Scientist article on malicious colluding apps.

A recent survey by researchers uncovered numerous mobile app pairs that collude to leak sensitive user data. Vasilios commented on the potential security and privacy risks for the end users, and discussed how App stores can improve their screening process to detect such malicious pairs. The full article can be found here.

 

Dr Murdoch interviewed by The Register on Biometric payment cards

22 April, 2017

Mastercard has recently trialled payment cards featuring a fingerprint sensor to replace the use of a PIN. Dr Steven Murdoch, interviewed by The Register, said:

"There will be no doubt issues to be ironed out [..] How reliable is the technology, and how physically robust are the new cards?"

The full interview can be found here.

 

Dr Murdoch was interviewed by BBC News about the introduction of an app store register in China

17 January, 2017

Third-party app stores are widespread in China, and poor monitoring of third-party apps has led to a large propagation of malware. As a consequence, the Cyberspace Administration of China requested that all app marketplaces join a register. Dr Murdoch was interviewed by BBC News on some potential side effects of this decision. The full article can be found here.

 

Dr Murdoch featured in a BBC news article about Barclays cardless withdrawals

28 November, 2016

Barclays is testing new cash machines that allow its customers to use their smartphones to withdraw cash. Dr Murdoch commented for BBC News on the potential risks that could arise with the introduction of these machines. The article can be found here.

 

Dr Murdoch featured in E&T article on ransomware

28 November, 2016

Dr Steven Murdoch was featured in an E&T article about ransomware. A recent survey by a security company highlighted the extent of ransomware attacks. Dr Murdoch commented:

"attackers are finding more efficient ways to force their victims to pay the ransom. New types of ransomware have been found that don’t only encrypt the victim’s data but also make an online copy. The attacker then threatens to publish the sensitive data to the world if ransom is not paid."

The full article can be found here.

 

News coverage for Jeremiah Onaolapo, Dr De Cristofaro and Dr Stringhini on their paper on 4chan

27 November, 2016

In recent weeks, Jeremiah Onaolapo, Dr De Cristofaro, Dr Stringhini and co-authors published a study on 4chan's Politically Incorrect board (/pol/). The article provides a large-scale analysis of the content of posts, the posting behaviour of users, and attacks carried from the platform into other social media. The study attracted considerable attention from the media: https://theconversation.com/4chan-raids-how-one-dark-corner-of-the-internet-is-spreading-its-shadows-68394

 

Mustafa Al-Bassam has been featured in an article in The Register about blockchain

09 November, 2016

Mustafa Al-Bassam has been quoted in a news article on use cases of blockchains. The full article, from The Register, can be found here.

 

Mustafa Al-Bassam featured in various news articles about the latest data released by The Shadow Brokers

09 November, 2016

Mustafa Al-Bassam has been quoted in a number of articles about new data released by a group conducting an illicit auction of "cyber weapons" believed to have been created by the NSA-linked makers of Stuxnet, Duqu, and Flame. The group released files containing IP addresses; Mustafa pointed out that "the IP addresses may relate to servers the NSA has compromised and then used to deliver exploits" and that the "servers were compromised between 2000 and 2010".

The full articles can be found here and here.

 

News Coverage for Vasilios Mavroudis' Work on Ultrasound Cross-device Tracking

08 November, 2016

A recent presentation at Black Hat Europe, given by UCL's Vasilios Mavroudis and POLIMI's Federico Maggi, discusses the potential attacks and countermeasures that are possible when ultrasound is used for cross-device communication. The presentation is based on joint research by UCL, POLIMI and UCSB. Their findings demonstrate that attackers can imperceptibly exchange information between devices, thus bypassing security measures such as sandboxing or permissions management.

The presentation has gathered a large amount of media coverage including WIRED, New Scientist and Slashdot.

More information is available on the project's website.

 

Dr Murdoch featured in Telegraph article about NCSC's anti-DDoS Strategy

08 November, 2016

Dr Steven Murdoch was featured in a Telegraph article about a plan by the National Cyber Security Centre, which is part of GCHQ, to strengthen the UK's internet infrastructure against distributed denial of service attacks. The plan calls for ISPs to stop using legacy internet protocols such as BGP, as they lack adequate protections. Dr Murdoch commented that GCHQ "doesn’t really have the trust of industry".

The full article is available here.

 

Dr Murdoch Featured on BBC News about Digital Forensics and Biometrics

08 November, 2016

Dr Steven Murdoch was featured in two different BBC news articles regarding digital forensics. In the first article, Dr Murdoch was consulted on the feasibility of the FBI reviewing 650,000 emails in 8 days. The key point, he said, was that reviewing does not necessarily mean reading, as automated techniques could significantly reduce the number of documents requiring the investigators' attention.

In the second article, Dr Murdoch commented on Voco, Adobe's Photoshop analogue for voice data. Using the software, one can take a voice sample of a person uttering one phrase and synthesise a similar voice uttering another. While biometrics firms, who use voice prints for authentication, believe their software to be impervious to such forgeries, Dr Murdoch opined that testing is the only definitive way to evaluate their claims.

 

Dr Olejnik's Work Results in Removal of Browser Battery API for Privacy Reasons

08 November, 2016

Firefox and WebKit (the engine behind Apple's Safari and Google's Chrome) recently revealed plans (Firefox, WebKit) to remove support for the Battery API in their browsers. This comes following research by Dr Lukasz Olejnik which highlighted the privacy implications of shipping a high-precision battery API, including fingerprinting and differential pricing. While the research suggested some forms of mitigation, the decision reached by the two groups was that the potential benefits and use cases of the API were unclear. In his blog, Dr Olejnik notes that this removal of functionality in favour of security is unprecedented in the history of the web.

The full blog article is available here. Further coverage is available in the Guardian, Slashdot, Betanews, and Heise (German) among others.

 

Dr Murdoch featured in BBC News article regarding Google's recent vulnerability disclosure

02 November, 2016

Dr Steven Murdoch was interviewed for a BBC News article regarding Google's recent disclosure of a vulnerability affecting the Windows operating system. Microsoft was given notice 10 days before the public announcement, but a longer blackout period of 30 or 60 days is standard practice. Google decided to publicise the vulnerability because it is currently being exploited, drawing criticism for Microsoft who have not yet produced fixes for all versions of Windows. Dr Murdoch suggested that "[...] whether or not it was right to have made the flaw public is a matter of debate - there are reasonable arguments on both sides, and we still don't know who are the attackers and who are the targets".

The full article is available at BBC News.

 

Dr Murdoch featured in The Anthill, a podcast from The Conversation

24 October, 2016

Dr. Steven Murdoch was featured in The Anthill, a podcast from The Conversation. In the sixth episode, titled "Into the darkness", Dr. Murdoch discusses the dark web and Tor onion services.

You can find the podcast here (segment starts at 35m 22s)

 

Dr Lukasz Olejnik quoted in Daily Telegraph article on new Swiss surveillance law

28 September, 2016

UCL's Dr Lukasz Olejnik was quoted in a Daily Telegraph article about the new surveillance law that Switzerland recently adopted via referendum. The new law combines new investigative powers with tight oversight, in a combination described as "unprecedented and important". While strong surveillance laws are somewhat commonplace, the requirement to notify surveillance targets after the fact is relatively novel.

The full Daily Telegraph article is available here.

More details are available in Dr Olejnik's blog.

 

Dr Murdoch featured in BBC coverage of Yahoo breach

25 September, 2016

Dr Steven Murdoch was featured in BBC's coverage of Yahoo's recently announced security breach. The breach, which took place in 2014 but was only made known last week, involves account details of 500 million users of the service. It is believed to be the largest known security breach in terms of number of affected users.

 

Dr Murdoch featured in BBC article on cyberweapon auction

17 August, 2016

Dr Steven Murdoch was quoted in a recent BBC article about an illicit auction of software described as "cyber weapons". The all-pay auction, which is to be conducted via bitcoin, is claimed to include software from the makers of Stuxnet, Duqu, and Flame, all widely believed to be state-sponsored. Dr Murdoch stated that "It is extraordinary that a government based (or at least government supported) group would get comprehensively hacked, but there is evidence indicating that this may have actually happened".

 

News Coverage of Relay Attack Article by Dr Murdoch

11 August, 2016

A recent article by Dr Steven Murdoch has been covered by The Register and the Daily Mail. The article discusses how previous work on bank card relay attacks by Dr Murdoch is still relevant. Relay attacks work by rerouting the communication between a customer's card and the Point of Sales device, sending it to a different terminal, and charging the customer for a different transaction. The initial research was based on chip and PIN cards and proposed a simple solution: the transaction protocols would require fast replies so that relayed communication would fail.

Contactless cards present a harder challenge: their operating power is limited, and the timing of wireless communications standards is less precise.

Dr Murdoch's article in the Conversation is available here.  

 

Dr Olejnik's work on Battery Status Privacy featured in the Guardian

02 August, 2016

A recent paper co-authored by Dr. Lukasz Olejnik was featured in a Guardian article. The paper demonstrates the potential privacy implications of the Battery Status API. The intention behind the API is to allow websites to offer simpler versions when accessed by devices low on battery. However, by offering high precision information, the API could also enable privacy breaches such as tracking.

The full paper, "Privacy engineering analysis of Browser Status API" is available, along with some discussion in Dr. Olejnik's Blog.

The Guardian article is available here.

 

Dr De Cristofaro at Microsoft's Research Faculty Summit

18 July, 2016

Dr Emiliano De Cristofaro attended the seventeenth annual Microsoft Research Faculty Summit in Redmond, Washington. He was invited to give a talk about genome privacy:

The Genomics Revolution: The Good, The Bad, and The Ugly (The Privacy Edition)

See more at https://www.microsoft.com/en-us/research/event/faculty-summit-2016/

 

Dr Murdoch interviewed by ShareFM Radio on Cybercrime

12 July, 2016

Dr Steven Murdoch was featured on the Morning Money show on ShareFM. The topic of the interview was the recent advice issued by the National Crime Agency with respect to cybercrime.

You can listen to the interview here.

 

Jonathan Bootle wins ACE-CSR elevator pitch competition

12 July, 2016

Congratulations are due to Jonathan Bootle for winning the best PhD student presentation prize at the ACE-CSR conference. Jonathan gave a very animated and space efficient presentation on space efficient zero knowledge proofs, based on research performed at UCL.

The presentation, "How to do Zero Knowledge from Discrete Logs in under 7kB", was also featured at last week's InfoSec seminar.

 

Dr Murdoch interviewed by BBC and ShareFM on Apple and iOS encryption

27 June, 2016

Dr Steven Murdoch was interviewed by BBC and radio ShareFM on the latest news about Apple and encryption. Last week Apple released the beta version of its iOS featuring, unlike previous versions, an unencrypted kernel.

More details can be found in the BBC article and ShareFM interview.

 

UCL work on Bank Fraud T&Cs covered on the Register

09 June, 2016

The paper "International Comparison of Bank Fraud Reimbursement: Customer Perceptions and Contractual Terms" was covered by an article on The Register. The paper compares the terms and conditions related to fraud across 30 banks in 35 countries, and was co-authored by researchers in the UCL Information Security Group: Ingolf Becker, Ruba Abu-Salma, Dr. Steven Murdoch, Prof. Angela Sasse and Dr. Gianluca Stringhini, joined by Dr. Alice Hutchings and Prof. Ross Anderson from the University of Cambridge and Nicholas Bohm from the Foundation for Information Policy Research.

Apart from discussing the differences in the terms and conditions themselves, the paper also examines the expectations of bank customers in different countries (UK, US, and Germany) regarding fraud, as well as their evaluation of the terms after having read them.

The paper will be presented at the Workshop on the Economics of Information Security (WEIS), Berkeley, CA USA, 13–14 June 2016.

The Register article is available here.

A post on the Bentham's Gaze blog is available here.

The paper is available here.

 

Dr Murdoch Interviewed by BBC News on Ransomware

09 June, 2016

Dr Steven Murdoch was interviewed by the BBC for a news story concerning ransomware. A Canadian university has confirmed that more than 100 machines had been compromised with ransomware, malicious software that encrypts files on the infected computer and then requires a ransom to be paid before the decryption key is produced. The university decided to pay upwards of £10,000 to hackers in order to restore access to maliciously encrypted data. Dr Murdoch commented that while paying up might be the simplest solution to restore access, it will increase attacks in the future.

The full article is available here.

 

Dr Murdoch Interviewed on ATM bank heist

31 May, 2016

Dr Steven Murdoch was interviewed by the Daily Telegraph regarding an organised ATM bank heist. The heist involved 1400 ATMs being targeted in a 2 hour period, using counterfeit credit cards with accounts in the South African institution Standard Bank. Damages are estimated at £8.8 million. Dr Murdoch opined that the attack targeted weaknesses in banks' systems instead of individual customers.

The full article is available here.

 

Dr Murdoch Interviewed on Spying via Metadata

23 May, 2016

UCL's Dr Steven Murdoch was interviewed on the subject of authorities tracking people via the use of metadata. The topics covered include the breadth of metadata tracking in the US (with one interpretation suggesting up to 25000 people tracked in relation to a single suspect), as well as the power and significance of metadata. Dr Murdoch quoted former NSA & CIA Director David Cole: "We kill people based on metadata". At the same time, Dr Murdoch criticised the lack of legal protections regarding metadata: “'Metadata is not sensitive so it doesn’t deserve protection of the court system.' That’s the prevailing thought process in UK legislation”.

The interviews were related to a recent Stanford research paper, demonstrating the practicality of metadata analysis, available here.

The BBC Radio 4 interview is available here. [Interview starts at 14m55s]

The BBC World Service interview is available here. [Interview starts at 17m30s, Segment starts at 14m35s]

The Daily Telegraph article quoting Dr Murdoch is available here.

 

Dr Murdoch Interviewed by BBC News on Malvertising

16 May, 2016

Dr Steven Murdoch was interviewed by BBC News on the topic of malicious advertising. Malvertising works by using ad networks to serve malicious software posing as ads to visitors of legitimate, mainstream websites. Dr Murdoch mentions that ad networks "fail to vet their clients", thus undermining the current business model of the web. As users turn to ad blocking to protect themselves, websites will need to find other ways to stay in business.

Read the full article here.

 

Dr De Cristofaro talked about Facebook like farms on Dutch television

27 April, 2016

Dr Emiliano De Cristofaro appeared on Dutch TV (AVROTROS) talking about Facebook like farms.

The segments (English) can be found here at minutes 2.15, 6.15, 11.05 and 12.05.

 

Dr Murdoch interviewed on BBC Radio Scotland on Apple-FBI case

21 April, 2016

Dr Steven Murdoch was interviewed on the Good Morning Scotland programme on the ongoing topic of the Apple-FBI phone encryption debate. The case is now being presented to the US House of Representatives Energy and Commerce Committee. Dr Murdoch opined that security services, given adequate expertise, should be able to effectively investigate crimes by taking advantage of outstanding security flaws rather than requiring cooperation from software companies.

You can listen to the full interview here [starts at 1h 55m].

 

Dr Murdoch interviewed by BBC Radio 4 on Phishing Emails [Updated]

07 April, 2016

Dr Steven Murdoch was interviewed on the You and Yours programme on BBC Radio 4. The segment discussed phishing emails that include the recipient's mailing address in the text, so as to appear more convincing. This data often originates from retailer sites being hacked, said Dr Murdoch. The interview is also featured in a BBC news article on the same issue.

Update: There is further coverage on the scam from the BBC here, including quotes from Dr Murdoch:

"It also appears to be quite widespread - I've heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out."

Listen to the interview here [starts at 33m24s].

 

Dr Murdoch interviewed by BBC Radio Scotland on the Apple-FBI case

04 April, 2016

Dr Steven Murdoch was interviewed by BBC Radio Scotland on the topic of phone encryption, and specifically the ongoing story between Apple and the FBI. The interview touches on the subject of responsible disclosure as Apple is requesting that the FBI reveal their means of bypassing iPhone security.

 

You can listen to the interview here. [Starts at 1h 48m]

 

Dr Danezis' work recognised by Government Digital Service

24 March, 2016

A recent blog post by the Government Digital Service explains how a research paper co-authored by Dr George Danezis provided feedback to the GOV.UK Verify project, and the steps taken to mitigate the threats described in the paper. The GOV.UK Verify project aims to provide a secure framework for proving one's identity online. Danezis' paper examines threats that arise in such a system if the central hub is compromised or corrupt.

Dr Danezis and Prof Angela Sasse also serve as members of the Privacy and Consumer Advisory Group (PCAG), advising the government in matters regarding personal data and privacy.

 

Read the full post here.

Read the referenced paper here.

 

Dr Stringhini interviewed by BBC World Service on bug bounties

22 March, 2016

Dr Gianluca Stringhini was interviewed on the BBC World Service Business Daily programme. Dr Stringhini explained how companies offer bounties for bug disclosure in order to incentivise ethical hacking and improve their security.

Listen to the interview here [starts at 9:06]

 

Dr Meiklejohn and Dr Danezis' work on centrally banked cryptocurrencies featured in several news articles

14 March, 2016

Dr Meiklejohn and Dr Danezis' work on centrally banked cryptocurrencies received significant attention in the media. The paper (presented at NDSS'16) proposes RSCoin, a cryptocurrency that allows a central bank to control the monetary supply, while a distributed set of authorities is in charge of maintaining the transaction ledger.

Some news articles on the topic:

 

Dr Meiklejohn and Dr Danezis' work featured in MIT Tech Review article

11 March, 2016

Dr Meiklejohn and Dr Danezis' work on centrally banked cryptocurrencies was featured in an MIT Tech Review article.

The full article is available here.

 

Dr Murdoch interviewed by BBC News on encryption of Amazon Fire

11 March, 2016

Dr Steven Murdoch was interviewed by BBC News about the encryption of Amazon Fire devices. The company removed the disk encryption security feature and subsequently faced criticism.

The full article is available here.

 

 

 

Dr Murdoch et al. NDSS 2016 paper featured in several news articles

02 March, 2016

Dr Steven Murdoch's NDSS 2016 paper "Do You See What I See? Differential Treatment of Anonymous Users" was featured in several news articles. The paper observes that several websites either block, degrade their service for, or impose CAPTCHAs on users accessing them via the Tor network. News coverage on the article appeared in numerous sources:

 

 

Dr Murdoch interviewed by BBC on Tor Hidden services

02 March, 2016

Dr Steven Murdoch was interviewed by BBC on Tor hidden services. Researchers recently noticed a spike in the number of hidden addresses in the Tor network. While there are some plausible causes of this dramatic increase, it might be hard to know for sure the actual reason behind it. Read the full article here.

 

Dr Murdoch Interviewed by the Telegraph on glibc bug

02 March, 2016

Dr Steven Murdoch was interviewed by the Telegraph on a bug discovered by Google researchers in the glibc library. The bug exposes the vast majority of Linux operating systems, even though most Android devices should not be affected. Read the full article here.

 

Dr Murdoch interviewed by BBC and Sputnik News on a court order regarding FBI and Apple

22 February, 2016

Dr Steven Murdoch was interviewed by BBC News on a court order regarding FBI and Apple. The company was asked to help the FBI access data on a phone owned by the San Bernardino gunman. Apple announced their opposition to the order.

The article is available here.

Another interview on the same topic can be found here.

 

Dr Emiliano DeCristofaro awarded Google Research Award.

22 February, 2016

Dr Emiliano DeCristofaro and co-Investigator Dr Christophe Dessimoz have been awarded a Google Research Award. The award features a $70,625.00 USD grant and will cover tuition for a graduate student. Their proposal is titled "Enabling Progress in Genomic Research via Privacy-Preserving Data Sharing" and is one of the 151 funded projects out of a total of 950.

More details are available in the Google Research Blog.

 

Prof. Sasse and Dr DeCristofaro on voice recognition.

22 February, 2016

Dr Emiliano DeCristofaro and Professor Angela Sasse appeared on BBC Radio to comment on the recent rollout of voice recognition for phone banking authentication. Dr DeCristofaro appeared on Radio 4's Today programme, commenting on the particulars of voice recognition as well as biometrics in general. Professor Sasse appeared on Jeremy Vine's Radio 2 show and gave her insight on the security and usability of the system being rolled out.

You can listen to Professor Sasse here [starts at 37:25].

Dr DeCristofaro's interview is available here [excerpt] and here [starts at 1:16:40].

 

Dr Danezis mentioned in Ars Technica news article.

19 February, 2016

Dr George Danezis was mentioned in a news article about NSA's SKYNET program. The article referenced a blog article by Dr Danezis commenting on the data mining techniques used by GCHQ.

The article is available here.

 

Professor Sasse and Dr Murdoch were interviewed by BBC on hack of VTech's electronic toys.

15 February, 2016

Professor Angela Sasse and Dr Steven Murdoch were interviewed by BBC Online News about the hack of information from VTech's website. After last year's breach, the company changed their terms and conditions, making parents accept full responsibility in case of future breaches.

Read the article here.

 

Dr Steven Murdoch on Proposed Phone Call Encryption

25 January, 2016

Dr Steven Murdoch posted an article on Bentham's Gaze regarding the (in)security of the proposed MIKEY-SAKKE protocol. The protocol is being promoted by the UK government as a means of phone call encryption. However, it is based on mandatory key escrow, which means that surveillance is essentially built into the system. News coverage on the article appeared in numerous sources:

 

 

 

This page was last modified on 18 Sep 2018.